NSA Updates Zero-Trust Advice to Reduce Attack Surfaces

Agency encourages broader use of encryption, data-loss prevention, as well as data rights management to safeguard data, networks, and users.

Dark Reading Staff, Dark Reading

April 10, 2024

1 Min Read
Man running with a bunch of 1s and 0s held above his head, across a field of 1s and 0s
Source: Brain Light via Alamy Stock Photo

The National Security Agency has published its latest guidance for organizations interested in moving toward a zero-trust cybersecurity framework, with a particular focus on stopping unauthorized access to data both in transit and in storage.

NSA recommendations include the use of encryption, tagging, labeling, data-loss prevention strategies, and data rights management tools. The NSA suggestions are intentionally aligned with zero-trust frameworks to help government agencies and enterprises defend against increasingly sophisticated cyberattacks.

"Malicious cyber actors continuously increase their ability to infiltrate networks and gain access to sensitive data," Dave Luber, the NSA's director of cybersecurity, said in a statement about the latest round of NSA zero-trust advisories. "Assuming that breaches will occur, implementing the pillars of the zero-trust framework is how we combat that activity."

This focus on what the NSA in its report calls the "data pillar" is the continuation of the agency's development of zero-trust best practices, begun when it first released "Embracing a Zero Trust Security Model" in February 2021.

Just last month, the NSA updated its guidelines for implementing zero trust, which drew a distinction between macro- and microsegmentation of networks. Macrosegmentation is intended for workgroups and departments; micro-segmentation separates traffic even further so that not all users have the same access rights — a bid to reduce an organization's attack surface.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights